package weblogic.servlet.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.common.internal.ThreadStorage;
import weblogic.security.X509;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.acl.internal.Security;
import weblogic.servlet.internal.ServletContextImpl;
import weblogic.servlet.internal.session.SessionData;
import weblogic.t3.srvr.T3Srvr;

/* loaded from: input_file:weblogic/servlet/security/ServletAuthentication.class */
public class ServletAuthentication {
    private String usernameField;
    private String passwordField;
    public static final int AUTHENTICATED = 0;
    public static final int FAILED_AUTHENTICATION = 1;
    public static final int NEEDS_CREDENTIALS = 2;

    public ServletAuthentication(String str, String str2) {
        this.usernameField = str;
        this.passwordField = str2;
    }

    public void done(HttpServletRequest httpServletRequest) {
        SessionData session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeValue(ServletContextImpl.SESSION_AUTH_USER);
            T3Srvr.getT3Srvr().httpServer().removeAuthUser(session.getInternalId());
        }
    }

    public int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        return strong(httpServletRequest, httpServletResponse, "weblogic");
    }

    public int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        X509[] x509Arr = (X509[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
        if (x509Arr == null || x509Arr.length == 0) {
            return 2;
        }
        try {
            AuthenticatedUser authenticate = Security.authenticate(new DefaultUserInfoImpl((String) null, x509Arr));
            if (authenticate == null) {
                return 1;
            }
            SessionData session = httpServletRequest.getSession(true);
            if (session != null) {
                T3Srvr.getT3Srvr().httpServer().setAuthUser(session.getInternalId(), authenticate);
                session.putValue(ServletContextImpl.SESSION_AUTH_USER, authenticate);
            }
            ThreadStorage.current().setUser(authenticate);
            return 0;
        } catch (SecurityException unused) {
            return 1;
        }
    }

    public int weak(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        return weak(httpServletRequest.getParameter(this.usernameField), httpServletRequest.getParameter(this.passwordField), httpServletRequest);
    }

    public static int weak(String str, String str2, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return 1;
        }
        return weak(str, str2, session, httpServletRequest);
    }

    public static int weak(String str, String str2, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        AuthenticatedUser checkAuthenticate = ServletContextImpl.checkAuthenticate(str, str2, httpServletRequest, httpSession, false, null, null, null);
        if (checkAuthenticate == null) {
            return 1;
        }
        ThreadStorage.current().setUser(checkAuthenticate);
        return 0;
    }

    public static int authObject(String str, Object obj, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return 1;
        }
        return authObject(str, obj, session, httpServletRequest);
    }

    public static int authObject(String str, Object obj, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        AuthenticatedUser checkAuthenticate = ServletContextImpl.checkAuthenticate(str, obj, httpServletRequest, httpSession, false, null, null, null);
        if (checkAuthenticate == null) {
            return 1;
        }
        ThreadStorage.current().setUser(checkAuthenticate);
        return 0;
    }
}
